Meltdown: What we’re doing to protect you

Over the past few days, it became apparent that there is a major security vulnerability which impacts all x86 processors by Intel which are used over our hosting solutions. Our customers security is our first priority so we have been working hard to ensure that we get our systems patched as soon as possible.

What exactly is Meltdown?
Meltdown is a very deep and fundamental issue that was found in nearly all modern CPUs. It allows an unprivileged user to read parts of the memory to which they do not have access to, which can lead to getting access to private information.

Who is affected?
Pretty much everyone. This is a very fundamental issue and regardless of the operating system that you use, you are affected by meltdown. In theory, it affects processors that go back to those released in 1995.

How can this be fixed?
There is a series of Kernel patches which have been released which include fixes for these issues. If you’re on a RedHat variant system, the version you are looking for is: kernel-3.10.0-693.11.6.el7. It is available on our CentOS mirrors since 7AM EST.

What are you going to do about it?
Due to the architecture of our public cloud, we’re able to do live migrations transparently without affecting your workloads. This means that we will upgrade all of our hosts without any downtime for you.

What should I do about it?
While we will upgrade our systems to protect you, we strongly recommend that you upgrade your virtual machines as well in order to protect your data.

I run my own OpenStack cloud, what can I do about it?
While this is not an OpenStack issue, OpenStack operators will be heavily affected by this due to their operations. The most important thing is to make sure that you are running a kernel which includes the kernel page-table isolation patches to ensure the safety of your systems.